What healthcare facilities need to know to protect against cyberattacks


Laura Drucker

Essential Insights contributor, healthcare writer

Featured expert

Talvis Love

Senior Vice President of eCommerce, Enterprise Architecture & Chief Information Security Officer

As our world becomes increasingly digitized, the rate of cyberattacks is increasing. The global Petya/NotPetya cyberattack made headlines in June when it hit large, multi-national companies and disrupted their operations. This followed on the heels of May’s WannaCry ransomware attack, which wreaked havoc on the U.K.’s healthcare system and several private companies.

The healthcare industry has become particularly vulnerable for cyberattacks, since healthcare records can contain valuable information for criminals. A 2016 study by the Ponemon Institute, which conducts independent research on privacy, data protection and information security policy, found that nearly 90 percent of the healthcare organizations they studied had experienced a data breach in the past two years.

These attacks also prove very costly. On average, cyberattacks cost healthcare facilities $380 per record stolen, a number that's 2.5 times more than the average cost per record across other industries, according to IBM's 2017 Cost of Data Breach Study.

Institutional risks


of all ransomware attacks are directed at hospitals.

The threat to healthcare facilities is multi-faceted. While cost is certainly a major factor, a longer lasting impact is the damage to a facility's reputation and ability to operate.

Cyberattacks put patients and their privacy in peril, eroding trust in healthcare facilities. Patients no longer have confidence that the information they provide is protected, and rebuilding that trust is both necessary and difficult. And then there's the operational impact.

“It's one thing to have a data breach, but it’s a major disruption when malicious software like ransomware gets into a network and lock systems down, preventing hospitals from being able to provide services," said Talvis Love, senior vice president of eCommerce, Enterprise Architecture & Chief Information Security Officer at Cardinal Health. “There have been cases in the news of hospitals being unable to provide care anywhere from a day to weeks until they get their systems back online."

As a result of the huge operational costs, healthcare facilities are often quick to comply with ransom requests. It's no surprise then that they are such frequent targets – hospitals receive 88 percent of all ransomware attacks.

Getting prepared

Healthcare facilities are "rapidly improving their posture," when it comes to cybersecurity, Love said, but most still have more work to do. Fortunately, emerging advancements in information security are poised to help protect healthcare facilities.

Love listed three promising advancements in the ongoing fight between healthcare facilities and cyber criminals.

Cybersecurity resources

Resources from the American Hospital Association

6 steps to be ready to respond to a ransomware attack

Best practices from The Advisory Board

1. Behavioral-based analytic platforms and tools. Every piece of malware has a unique "signature," or a pattern of behavior that separates it from other pieces of code, Love explained. Historically, digital protection services have relied on signature-based detection to parse out bad code. The problem with this, Love noted, is that it takes time to observe a pattern, and the longer malware sits on your network, the more damage it does. And that's not even the biggest issue.

"Today's malware changes quite frequently, so what you experience today could be very different tomorrow or next week from the first time you detect it," Love said. "That really renders the signature ineffective."

The good news is there are solutions available, including security software that analyzes the big picture, assessing behavior across your entire digital environment and establishing a baseline of what's normal. "When anything goes beyond normal it flags it as a potential issue and allows you to eradicate it much faster than if you were going through that signature-based process," Love said.

2. Cloud-based security. Cloud-based security – security services or resources made available to users on demand via the Internet from a cloud computing provider's servers - has grown rapidly in recent years. With this growth, cloud-based security has evolved such that it can actually be more secure than on-premise solutions. It's not inherent, he added, you have to build strong security into it, but it's relatively simple to do. This makes the cloud an increasingly good option for healthcare facilities, especially small and mid-size facilities that might not have strong IT departments.

3. The "Internet of Things." The Internet of Things (IOT) refers to all devices with internet connectivity, not just computers. Healthcare facilities are filled with IOT, from medical devices to monitors, and unfortunately, Love said, these devices were not designed with security in mind. "They have lots of security flaws inherent in them, but there are coming advances to detect those and better connect devices to EHR systems and tie the entire eco-system together," he added. This security feature is a bit further off, but it will be a key area of innovation in helping healthcare facilities safeguard their entire environment.

Given the complexities of cyberattacks, Love recommends healthcare facilities form a relationship with a dedicated IT firm that can help plan, prepare for, and respond in the event of a cyberattack. While on-site information security is necessary for monitoring systems, outside firms are experts in fighting the battles against cyber criminals. And do this soon, Love advised, because in the healthcare industry it may just be matter of when you’ll get attacked.